Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authentication: return user verified flag #235

Merged
merged 1 commit into from
Jan 16, 2025
Merged

authentication: return user verified flag #235

merged 1 commit into from
Jan 16, 2025

Conversation

ggirol-rc
Copy link
Contributor

Some other libs like webauthn-rs enforce that when user verification is only preferred and that a device previously performed user verification, it must continue to perform it on later authentication, as it proved that it was user verification capable. Whether this out-of-spec check is desirable is an open question, however if someone wants to align behavior between a webauthn-rs-based implem and a py_webauthn implem then returning this information is necessary.

@CLAassistant
Copy link

CLAassistant commented Dec 30, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@ggirol-rc
authentication: return user verified flag
4aafae1 
Some other libs like webauthn-rs enforce that when user verification is
only preferred and that a device previously performed user verification,
it must continue to perform it on later authentication, as it proved
that it was user verification capable. Whether this out-of-spec check is
desirable is an open question, however if someone wants to align
behavior between a webauthn-rs-based implem and a py_webauthn implem
then returning this information is necessary.
@MasterKale
Copy link
Collaborator

Hey @ggirol-rc thanks for the suggestion. This looks fine with me, though what do you think about adding this to verify_registration_response() as well? I think for sake of "feature parity" across the two registration methods this should get added there too.

@ggirol-rc
Copy link
Contributor Author

Hi, I think it is already present for registration

py_webauthn/webauthn/registration/verify_registration_response.py

Line 284 in 42537f5

user_verified=auth_data.flags.uv,

@MasterKale
Copy link
Collaborator

MasterKale commented Jan 16, 2025
edited
Loading

Oh, you're right, my bad. It's been a while since I've looked at that particular method 🤦‍♂️

Alright then, I'm going to kick off tests and assuming those pass I'll merge. This'll go out as part of a v2.4.1 update I'm planning.

MasterKale
MasterKale approved these changes Jan 16, 2025
View reviewed changes
Copy link
Collaborator

@MasterKale MasterKale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm :shipit:

@MasterKale MasterKale added this to the v2.4.1 milestone Jan 16, 2025
@MasterKale MasterKale merged commit aa365d7 into duo-labs:master Jan 16, 2025
5 checks passed
@ggirol-rc ggirol-rc deleted the return_uv_flag branch January 17, 2025 08:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MasterKale MasterKale MasterKale approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@ggirol-rc @CLAassistant @MasterKale